|
|
You're in the
iis security
group:security error in IIS logs (401.2 error)
iis security:
I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows Server 2003 w/ SP-1. When I navigate to my site (locally or from another network computer) in Internet Explorer I'm being prompting for a network username/password. I believe have configured the server properly in ISS, have the correct NTFS file permissions, etc. I would really like to know what sc-win32-status 2148074254 refers to (see my IIS log below). Anyone have any ideas? I know that the 401.2 error means "denied by server configuration" and often means a protocol issue between the browser and IIS. I'm not trying to do anything special here, just want to use plain vanilla Windows Authentication. I have anonymous access turned off for my site in IIS (my application requires this) but when I allow anonymous access the error goes away. I have attached my [truncated] IIS log below. Please let me know if you require any additional details about my environment. Any help that anyone can offer would be greatly apprecaited. I'm running out of ideas. Thanks in advance, Alexander ---SOF--- #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2006-06-23 17:04:28 #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80 - 10.34.43.11 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254 ---EOF---
Thanks for the response, Ken:
No, I do not get a 200 OK later in the log (posted in my original message). The first line that you see in the log is repeated over and over with the same error each time anyone attempts to access a page in my ASP.NET application. The only way I can get a 200 OK is if I manually enter in my username/password. It will keep prompting you over and over as you travel to new pages. I initially thought it was being blocked by a proxy on our network. The network guys don't think I should be going through the proxy. I read the following today (see URL) and don't know if it could be describing the culprit.... "Integrated Windows authentication is disabled by default if you install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream installation of a Windows Server 2003 operating system". I did find out that our build was a "slipstreamed" version of Win2K3 with SP-1, but I don't want to wipe the install, reinstall Win2K3, then install SP-1 over it, only to find out that this isn't going to fix the problem. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true Cheers, Alexander [quoted text, click to view] "Ken Schaefer" wrote:
> After this request, do you see a succesful 200 OK request being logged? The > request line below looks like part of a NTLM authentication handshake. > > Cheers > Ken > > "Alexander Ferrugia" <Alexander Ferrugia@discussions.microsoft.com> wrote in > message news:9B020444-0083-4729-8FD0-EC88C6E53D45@microsoft.com... > > Hi: > > > > I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows > > Server 2003 w/ SP-1. When I navigate to my site (locally or from another > > network computer) in Internet Explorer I'm being prompting for a network > > username/password. I believe have configured the server properly in ISS, > > have the correct NTFS file permissions, etc. > > > > I would really like to know what sc-win32-status 2148074254 refers to (see > > my IIS log below). Anyone have any ideas? I know that the 401.2 error > > means > > "denied by server configuration" and often means a protocol issue between > > the > > browser and IIS. I'm not trying to do anything special here, just want to > > use plain vanilla Windows Authentication. I have anonymous access turned > > off > > for my site in IIS (my application requires this) but when I allow > > anonymous > > access the error goes away. > > > > I have attached my [truncated] IIS log below. Please let me know if you > > require any additional details about my environment. Any help that anyone > > can offer would be greatly apprecaited. I'm running out of ideas. > > > > Thanks in advance, > > > > Alexander > > > > ---SOF--- > > > > #Software: Microsoft Internet Information Services 6.0 > > #Version: 1.0 > > #Date: 2006-06-23 17:04:28 > > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query > > s-port > > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status > > 2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - > > 80 > > - 10.34.43.11 > > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) > > 401 2 2148074254 > > > > ---EOF--- > > > >
After this request, do you see a succesful 200 OK request being logged? The
request line below looks like part of a NTLM authentication handshake. Cheers Ken "Alexander Ferrugia" <Alexander Ferrugia@discussions.microsoft.com> wrote in message news:9B020444-0083-4729-8FD0-EC88C6E53D45@microsoft.com... [quoted text, click to view] > Hi: > > I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows > Server 2003 w/ SP-1. When I navigate to my site (locally or from another > network computer) in Internet Explorer I'm being prompting for a network > username/password. I believe have configured the server properly in ISS, > have the correct NTFS file permissions, etc. > > I would really like to know what sc-win32-status 2148074254 refers to (see > my IIS log below). Anyone have any ideas? I know that the 401.2 error > means > "denied by server configuration" and often means a protocol issue between > the > browser and IIS. I'm not trying to do anything special here, just want to > use plain vanilla Windows Authentication. I have anonymous access turned > off > for my site in IIS (my application requires this) but when I allow > anonymous > access the error goes away. > > I have attached my [truncated] IIS log below. Please let me know if you > require any additional details about my environment. Any help that anyone > can offer would be greatly apprecaited. I'm running out of ideas. > > Thanks in advance, > > Alexander > > ---SOF--- > > #Software: Microsoft Internet Information Services 6.0 > #Version: 1.0 > #Date: 2006-06-23 17:04:28 > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query > s-port > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status > 2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - > 80 > - 10.34.43.11 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) > 401 2 2148074254 > > ---EOF--- >
Let me explain what I think is misunderstood from the URL. It is indicating
that we made anonymous-only websites the default... and NOT that Integrated Authentication is "broken" by default such that you have to do anything other than tick the check box to enable/use it. All we did was change the default of the checkbox from on to off, and you can tick it back on just as easily. Is KeepAlives allowed on your server. What are the Application Pool settings configured for that URL. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Alexander Ferrugia" <AlexanderFerrugia@discussions.microsoft.com> wrote in message news:98A1BB53-1656-4F46-9DE4-89472DEE7906@microsoft.com... [quoted text, click to view] > Thanks for the response, Ken: > > No, I do not get a 200 OK later in the log (posted in my original > message). > The first line that you see in the log is repeated over and over with the > same error each time anyone attempts to access a page in my ASP.NET > application. The only way I can get a 200 OK is if I manually enter in my > username/password. It will keep prompting you over and over as you travel > to > new pages. > > I initially thought it was being blocked by a proxy on our network. The > network guys don't think I should be going through the proxy. I read the > following today (see URL) and don't know if it could be describing the > culprit.... "Integrated Windows authentication is disabled by default if > you > install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream > installation of a Windows Server 2003 operating system". I did find out > that > our build was a "slipstreamed" version of Win2K3 with SP-1, but I don't > want > to wipe the install, reinstall Win2K3, then install SP-1 over it, only to > find out that this isn't going to fix the problem. > > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true > > Cheers, > > Alexander > > > "Ken Schaefer" wrote: > >> After this request, do you see a succesful 200 OK request being logged? >> The >> request line below looks like part of a NTLM authentication handshake. >> >> Cheers >> Ken >> >> "Alexander Ferrugia" <Alexander Ferrugia@discussions.microsoft.com> wrote >> in >> message news:9B020444-0083-4729-8FD0-EC88C6E53D45@microsoft.com... >> > Hi: >> > >> > I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows >> > Server 2003 w/ SP-1. When I navigate to my site (locally or from >> > another >> > network computer) in Internet Explorer I'm being prompting for a >> > network >> > username/password. I believe have configured the server properly in >> > ISS, >> > have the correct NTFS file permissions, etc. >> > >> > I would really like to know what sc-win32-status 2148074254 refers to >> > (see >> > my IIS log below). Anyone have any ideas? I know that the 401.2 error >> > means >> > "denied by server configuration" and often means a protocol issue >> > between >> > the >> > browser and IIS. I'm not trying to do anything special here, just want >> > to >> > use plain vanilla Windows Authentication. I have anonymous access >> > turned >> > off >> > for my site in IIS (my application requires this) but when I allow >> > anonymous >> > access the error goes away. >> > >> > I have attached my [truncated] IIS log below. Please let me know if >> > you >> > require any additional details about my environment. Any help that >> > anyone >> > can offer would be greatly apprecaited. I'm running out of ideas. >> > >> > Thanks in advance, >> > >> > Alexander >> > >> > ---SOF--- >> > >> > #Software: Microsoft Internet Information Services 6.0 >> > #Version: 1.0 >> > #Date: 2006-06-23 17:04:28 >> > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query >> > s-port >> > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status >> > 2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET >> > /eProfitStartup.aspx - >> > 80 >> > - 10.34.43.11 >> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) >> > 401 2 2148074254 >> > >> > ---EOF--- >> > >> >> >>
"Alexander Ferrugia" <AlexanderFerrugia@discussions.microsoft.com> wrote in
message news:98A1BB53-1656-4F46-9DE4-89472DEE7906@microsoft.com... [quoted text, click to view] > Thanks for the response, Ken: > > No, I do not get a 200 OK later in the log (posted in my original > message). > The first line that you see in the log is repeated over and over with the > same error each time anyone attempts to access a page in my ASP.NET > application. The only way I can get a 200 OK is if I manually enter in my > username/password. It will keep prompting you over and over as you travel > to > new pages. So you do get a 200 OK if you type in your username/password? But when you attempt to load the next page, you get another 401, then you need to enter your username/password again and then you get a 200? Something like: 401 page1.aspx 200 page1.aspx 401 page2.aspx 200 page2.aspx Do you have HTTP keep-alives enabled for this web site/web application? [quoted text, click to view] > > I initially thought it was being blocked by a proxy on our network. If there was an intervening proxy, you probably wouldn't be able to load the pages at all. You'd just get 401s all the time. Cheers Ken The [quoted text, click to view] > network guys don't think I should be going through the proxy. I read the > following today (see URL) and don't know if it could be describing the > culprit.... "Integrated Windows authentication is disabled by default if > you > install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream > installation of a Windows Server 2003 operating system". I did find out > that > our build was a "slipstreamed" version of Win2K3 with SP-1, but I don't > want > to wipe the install, reinstall Win2K3, then install SP-1 over it, only to > find out that this isn't going to fix the problem. > > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true > > Cheers, > > Alexander > > > "Ken Schaefer" wrote: > >> After this request, do you see a succesful 200 OK request being logged? >> The >> request line below looks like part of a NTLM authentication handshake. >> >> Cheers >> Ken >> >> "Alexander Ferrugia" <Alexander Ferrugia@discussions.microsoft.com> wrote >> in >> message news:9B020444-0083-4729-8FD0-EC88C6E53D45@microsoft.com... >> > Hi: >> > >> > I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows >> > Server 2003 w/ SP-1. When I navigate to my site (locally or from >> > another >> > network computer) in Internet Explorer I'm being prompting for a >> > network >> > username/password. I believe have configured the server properly in >> > ISS, >> > have the correct NTFS file permissions, etc. >> > >> > I would really like to know what sc-win32-status 2148074254 refers to >> > (see >> > my IIS log below). Anyone have any ideas? I know that the 401.2 error >> > means >> > "denied by server configuration" and often means a protocol issue >> > between >> > the >> > browser and IIS. I'm not trying to do anything special here, just want >> > to >> > use plain vanilla Windows Authentication. I have anonymous access >> > turned >> > off >> > for my site in IIS (my application requires this) but when I allow >> > anonymous >> > access the error goes away. >> > >> > I have attached my [truncated] IIS log below. Please let me know if >> > you >> > require any additional details about my environment. Any help that >> > anyone >> > can offer would be greatly apprecaited. I'm running out of ideas. >> > >> > Thanks in advance, >> > >> > Alexander >> > >> > ---SOF--- >> > >> > #Software: Microsoft Internet Information Services 6.0 >> > #Version: 1.0 >> > #Date: 2006-06-23 17:04:28 >> > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query >> > s-port >> > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status >> > 2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET >> > /eProfitStartup.aspx - >> > 80 >> > - 10.34.43.11 >> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) >> > 401 2 2148074254 >> > >> > ---EOF--- >> > >> >> >>
Found the solution to my problem and thought I would share:
Short story: Had to make a DNS entry for the IP address of the site name that I was using to host my ASP.NET application. More detailed story: I noticed that everything worked when I added the IP address as a "trusted site" in Internet Explorer. Without having this address added as a trusted server it would prompt me. I noticed that when I pinged a computer name in a command window, it would show up as the fully qualified name (sitename.domain). Therefore IE or TCPIP is getting information back from the DNS lookup in some fashion and it knows that this site is a "trusted site" -- although IE or TCP does not know this information if I try to use the actual IP address (instead of the name). This may just have something to do with our network settings. It is interesting though because we have a large global network largely managed by Microsoft (from the software side), so I imagine other people have or will run into this problem in the future. For those people, I hope reading this post helps. Cheers, Alexander [quoted text, click to view] "Alexander Ferrugia" wrote:
> Hi: > > I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows > Server 2003 w/ SP-1. When I navigate to my site (locally or from another > network computer) in Internet Explorer I'm being prompting for a network > username/password. I believe have configured the server properly in ISS, > have the correct NTFS file permissions, etc. > > I would really like to know what sc-win32-status 2148074254 refers to (see > my IIS log below). Anyone have any ideas? I know that the 401.2 error means > "denied by server configuration" and often means a protocol issue between the > browser and IIS. I'm not trying to do anything special here, just want to > use plain vanilla Windows Authentication. I have anonymous access turned off > for my site in IIS (my application requires this) but when I allow anonymous > access the error goes away. > > I have attached my [truncated] IIS log below. Please let me know if you > require any additional details about my environment. Any help that anyone > can offer would be greatly apprecaited. I'm running out of ideas. > > Thanks in advance, > > Alexander > > ---SOF--- > > #Software: Microsoft Internet Information Services 6.0 > #Version: 1.0 > #Date: 2006-06-23 17:04:28 > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status > 2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80 > - 10.34.43.11 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) > 401 2 2148074254 > > ---EOF---
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |